From patchwork Mon Apr 15 21:21:26 2019
X-Patchwork-Submitter: Jeremy Linton
X-Patchwork-Id: 162276
From: Jeremy Linton To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, suzuki.poulose@arm.com, Dave.Martin@arm.com, shankerd@codeaurora.org, julien.thierry@arm.com, mlangsdo@redhat.com, stefan.wahren@i2se.com, Andre.Przywara@arm.com, linux-kernel@vger.kernel.org, Jeremy Linton , Andre Przywara Subject: [v8 07/10] arm64: add sysfs vulnerability show for spectre v2 Date: Mon, 15 Apr 2019 16:21:26 -0500 Message-Id: <20190415212129.1112-8-jeremy.linton@arm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190415212129.1112-1-jeremy.linton@arm.com> References: <20190415212129.1112-1-jeremy.linton@arm.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add code to track whether all the cores in the machine are vulnerable, and whether all the vulnerable cores have been mitigated. Once we have that information we can add the sysfs stub and provide an accurate view of what is known about the machine. Signed-off-by: Jeremy Linton Reviewed-by: Andre Przywara Reviewed-by: Catalin Marinas Tested-by: Stefan Wahren --- arch/arm64/kernel/cpu_errata.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index bd2cdd22da99..e51ddcb197c0 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -512,6 +512,10 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused) .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \ CAP_MIDR_RANGE_LIST(midr_list) +/* Track overall mitigation state. We are only mitigated if all cores are ok */ +static bool __hardenbp_enab = true; +static bool __spectrev2_safe = true; + /* * List of CPUs that do not need any Spectre-v2 mitigation at all. */ 
@@ -522,6 +526,10 @@ static const struct midr_range spectre_v2_safe_list[] = { { /* sentinel */ } }; +/* + * Track overall bp hardening for all heterogeneous cores in the machine. + * We are only considered "safe" if all booted cores are known safe. + */ static bool __maybe_unused check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) { @@ -543,19 +551,25 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope) if (!need_wa) return false; + __spectrev2_safe = false; + if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) { pr_warn_once("spectrev2 mitigation disabled by configuration\n"); + __hardenbp_enab = false; return false; } /* forced off */ if (__nospectre_v2) { pr_info_once("spectrev2 mitigation disabled by command line option\n"); + __hardenbp_enab = false; return false; } - if (need_wa < 0) + if (need_wa < 0) { pr_warn_once("ARM_SMCCC_ARCH_WORKAROUND_1 missing from firmware\n"); + __hardenbp_enab = false; + } return (need_wa > 0); } @@ -778,3 +792,15 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, { return sprintf(buf, "Mitigation: __user pointer sanitization\n"); } + +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, + char *buf) +{ + if (__spectrev2_safe) + return sprintf(buf, "Not affected\n"); + + if (__hardenbp_enab) + return sprintf(buf, "Mitigation: Branch predictor hardening\n"); + + return sprintf(buf, "Vulnerable\n"); +}
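Review bot: in the first hunk (@@ -512,6 +512,10), both `__hardenbp_enab` and `__spectrev2_safe` start out true, so the state reads as "safe" until check_branch_predictor() has run and cleared it. That function is marked `__maybe_unused`, so please confirm there is no configuration in which it is never called, or choose initial values so that an unevaluated system does not report as unaffected. The one-line comment would also be clearer if it said which flag tracks "no core needs the workaround" and which tracks "every core that needs it got it", since "ok" currently covers both.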
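Review bot: in the @@ -543,19 +551,25 hunk, check_branch_predictor() is a capability matcher that now writes two file-scope flags as a side effect, using plain stores with nothing ordering them against the reader in cpu_show_spectre_v2(). The flags only ever go from true to false, so a racing reader sees either the old or the new value, but that invariant is not written down anywhere; a short comment stating it, and stating that the function has to run on every core that comes online for the report to be accurate, would help the next person who touches this. The three separate `__hardenbp_enab = false;` assignments are also easy to miss when a new early return is added; consider clearing the flag in one place.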
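Review bot: in cpu_show_spectre_v2() (last hunk, @@ -778,3 +792,15), "Mitigation: Branch predictor hardening" is printed whenever `__hardenbp_enab` has not been cleared, which means no failure path was hit rather than that hardening was positively confirmed on each vulnerable core; the `return (need_wa > 0);` path in check_branch_predictor() records nothing. If that is intentional, say so in a comment. The output also reflects only the cores checked so far, so on a heterogeneous machine the string can change to "Vulnerable" when a later core is brought online; that is worth noting in the commit message so userspace does not cache the first value it reads.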